Crash on "ip link add foo type ipip"
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | High | Juerg Haefliger |
Xenial | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Unassigned |
Cosmic | Fix Released | Undecided | Unassigned |
Disco | Fix Released | High | Juerg Haefliger |
Bug Description
On 4.18.0-13-generic #14-Ubuntu SMP Wed Dec 5 09:04:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
When I executed "sudo ip link add foo type ipip", the kernel crashed, leaving the system working but mostly unusable (networking was flaky). dmesg showed:
[156541.500970] ipip: IPv4 and MPLS over IPv4 tunneling driver
[156541.502201] BUG: unable to handle kernel NULL pointer dereference at 0000000000000108
[156541.502207] PGD 0 P4D 0
[156541.502210] Oops: 0000 [#1] SMP PTI
[156541.502213] CPU: 9 PID: 29001 Comm: ip Tainted: G OE 4.18.0-13-generic #14-Ubuntu
[156541.502215] Hardware name: Dell Inc. XPS 15 9570/0HWTMH, BIOS 1.6.0 11/02/2018
[156541.502223] RIP: 0010:ipip_
[156541.502224] Code: d9 fe ff ff 48 8d 93 78 09 00 00 eb 93 48 89 de 4c 89 e7 e8 cd 78 fe ff eb c3 e8 c6 79 5d e8 66 0f 1f 44 00 00 0f 1f 44 00 00 <48> 8b 87 08 01 00 00 48 85 c0 0f 84 1a 02 00 00 8b 12 85 d2 0f 85
[156541.502245] RSP: 0018:ffffbac005
[156541.502246] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[156541.502248] RDX: ffffbac005a2b5d0 RSI: ffff9c1122439900 RDI: 0000000000000000
[156541.502249] RBP: ffffbac005a2b600 R08: 0000000000000000 R09: ffffbac005a2b594
[156541.502250] R10: ffffffffc0cb9120 R11: 0000000000000000 R12: ffff9c1122439000
[156541.502251] R13: ffff9c1122439900 R14: ffffbac005a2b930 R15: ffffffffaa805780
[156541.502253] FS: 00007fe21934868
[156541.502254] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[156541.502255] CR2: 0000000000000108 CR3: 000000010f724001 CR4: 00000000003606e0
[156541.502257] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[156541.502258] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[156541.502259] Call Trace:
[156541.502265] ? ipip_newlink+
[156541.502273] rtnl_newlink+
[156541.502279] ? nla_parse+0x35/0xe0
[156541.502280] ? rtnl_newlink+
[156541.502288] ? get_page_
[156541.502298] ? mem_cgroup_
[156541.502302] ? lru_cache_
[156541.502309] ? handle_
[156541.502313] rtnetlink_
[156541.502318] ? copy_user_
[156541.502320] ? rtnl_calcit.
[156541.502327] netlink_
[156541.502329] rtnetlink_
[156541.502331] netlink_
[156541.502333] netlink_
[156541.502340] sock_sendmsg+
[156541.502342] ___sys_
[156541.502344] ? handle_
[156541.502347] ? __handle_
[156541.502350] __sys_sendmsg+
[156541.502353] __x64_sys_
[156541.502358] do_syscall_
[156541.502361] entry_SYSCALL_
[156541.502364] RIP: 0033:0x7fe219682234
[156541.502365] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 48 8d 05 c9 d4 0c 00 8b 00 85 c0 75 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 41 89 d4 55 48 89 f5 53
[156541.502390] RSP: 002b:00007ffe58
[156541.502392] RAX: ffffffffffffffda RBX: 000000005c3dbcf0 RCX: 00007fe219682234
[156541.502393] RDX: 0000000000000000 RSI: 00007ffe5887fc50 RDI: 0000000000000003
[156541.502394] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[156541.502396] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[156541.502397] R13: 00005597e7c6c020 R14: 00007ffe5887fd4c R15: 0000000000000000
[156541.502399] Modules linked in: ipip tunnel4 ip_tunnel veth sctp libcrc32c ses enclosure scsi_transport_sas uas usb_storage ath10k_pci thunderbolt rfcomm pci_stub vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) ccm arc4 cmac bnep binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi snd_hda_
[156541.502470] videodev btintel soundcore cfg80211 memstick cdc_acm media input_leds bluetooth ecdh_generic mei_me joydev mei hid_multitouch idma64 virt_dma processor_
[156541.502523] video pinctrl_intel [last unloaded: ath10k_pci]
[156541.502528] CR2: 0000000000000108
[156541.502531] ---[ end trace 48bd88c62d9ac460 ]---
[156541.502535] RIP: 0010:ipip_
[156541.502536] Code: d9 fe ff ff 48 8d 93 78 09 00 00 eb 93 48 89 de 4c 89 e7 e8 cd 78 fe ff eb c3 e8 c6 79 5d e8 66 0f 1f 44 00 00 0f 1f 44 00 00 <48> 8b 87 08 01 00 00 48 85 c0 0f 84 1a 02 00 00 8b 12 85 d2 0f 85
[156541.502558] RSP: 0018:ffffbac005
[156541.502559] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[156541.502560] RDX: ffffbac005a2b5d0 RSI: ffff9c1122439900 RDI: 0000000000000000
[156541.502561] RBP: ffffbac005a2b600 R08: 0000000000000000 R09: ffffbac005a2b594
[156541.502563] R10: ffffffffc0cb9120 R11: 0000000000000000 R12: ffff9c1122439000
[156541.502564] R13: ffff9c1122439900 R14: ffffbac005a2b930 R15: ffffffffaa805780
[156541.502565] FS: 00007fe21934868
[156541.502567] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[156541.502568] CR2: 0000000000000108 CR3: 000000010f724001 CR4: 00000000003606e0
[156541.502569] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[156541.502571] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
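Reading the oops above, as an added example that is not part of the original report: the byte in angle brackets on the `Code:` line is the first byte of the faulting instruction, and decoding it against the register dump shows which register held the NULL pointer and at what offset it was read. The decoder covers only the one instruction form seen here (REX.W `8B /r` with a 32-bit displacement), and the function name `triage` is hypothetical.

```python
import re

# Lines copied verbatim from the oops in the report above.
OOPS = """\
[156541.502224] Code: d9 fe ff ff 48 8d 93 78 09 00 00 eb 93 48 89 de 4c 89 e7 e8 cd 78 fe ff eb c3 e8 c6 79 5d e8 66 0f 1f 44 00 00 0f 1f 44 00 00 <48> 8b 87 08 01 00 00 48 85 c0 0f 84 1a 02 00 00 8b 12 85 d2 0f 85
[156541.502246] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[156541.502248] RDX: ffffbac005a2b5d0 RSI: ffff9c1122439900 RDI: 0000000000000000
[156541.502253] CR2: 0000000000000108 CR3: 000000010f724001 CR4: 00000000003606e0
"""

# x86-64 register numbering used by the 3-bit ModRM.reg / ModRM.rm fields.
REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]

def triage(oops):
    """Decode the faulting instruction and compare its address with CR2."""
    # Collect every "NAME: <16 hex digits>" pair from the register dump.
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b([A-Z0-9]{3}): ([0-9a-f]{16})\b", oops)}
    # The <xx> byte marks where RIP pointed when the fault was taken.
    code = re.search(r"Code: (.+)", oops).group(1).split()
    start = next(n for n, b in enumerate(code) if b.startswith("<"))
    insn = [int(b.strip("<>"), 16) for b in code[start:]]
    rex, opcode, modrm = insn[0], insn[1], insn[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    # Only REX.W (no R/X/B bits) + 8B /r with mod=10 (disp32) and no SIB byte.
    if rex != 0x48 or opcode != 0x8B or mod != 2 or rm == 4:
        raise ValueError("instruction form not covered by this example")
    disp = int.from_bytes(bytes(insn[3:7]), "little", signed=True)
    base = REGS[rm]
    addr = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {
        "insn": f"mov {REGS[reg].lower()}, [{base.lower()}{disp:+#x}]",
        "base": base,
        "base_value": regs[base],
        "fault_addr": addr,
        "matches_cr2": addr == regs["CR2"],
    }

if __name__ == "__main__":
    print(triage(OOPS))
```

The result shows an 8-byte load from offset 0x108 of the pointer in RDI, which was 0, so the computed address equals the CR2 value in the log.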
CVE References
Changed in linux (Ubuntu):
importance: Undecided → High
assignee: nobody → Juerg Haefliger (juergh)
Changed in linux (Ubuntu Disco):
status: Confirmed → Fix Committed
Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Changed in linux (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux (Ubuntu Cosmic):
status: New → Fix Committed
tags: added: cscc
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1811803
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.